ISO 42001 certification cost in the UK and Europe (2026): Full breakdown

This guide breaks down the typical cost of ISO 42001 certification from a reputable certification body in the UK and Europe. It also explains the main factors that influence pricing, including organisation size, scope, complexity, and audit duration.

The figures in this guide cover certification audit costs only and do not include consultancy, implementation support, training, remediation work, or software platform costs.

Key takeaways

1

ISO 42001 certification typically costs £3,500–£20,000+, with pricing primarily driven by audit duration, scope, complexity, and AI roles.

2

Certification is a three-year commitment, including initial certification, annual surveillance audits, and recertification to maintain accredited status.

3

Defining scope carefully, preparing thoroughly, and choosing a reputable provider can improve value while controlling long-term certification costs.

How much does ISO 42001 certification cost in the UK and Europe?

ISO 42001 certification from a reputable-accredited certification body typically costs between £4,000 (~€4,700) and £20,000 (~€23,500)+ VAT. The exact figure depends on audit duration, which is influenced by factors such as organisation size, AI complexity, risk profile, certification scope, and the AI roles included within the management system.To help organisations budget, Tempo Audits' three size-based benchmarks provide a practical indication of what certification may cost at different stages of growth:

  • 1-10 employees: Typically, at the lower end of the range
  • SMEs with around 30 employees: Typically fall within the mid-range
  • 100+ employees: Generally attract higher certification costs due to longer audit durations and broader audit scopes

In addition to the initial certification audit, organisations should budget for annual surveillance audits to maintain certification. These costs vary by organisation size and complexity and are charged separately from the certification audit.Important note: While Tempo's benchmarks provide a useful starting point, the final cost will depend on your organisation's structure, AI risk profile, certification scope, and readiness for audit.

Key things to know about ISO 42001 certification costs (A quick glance)

3 things to know about ISO 42001 costs

1

Costs depend on scope

ISO 42001 certification costs typically range from £4,000 to £20,000+, depending on organisation size, certification scope, AI complexity, risk profile and audit duration.

2

Certification runs over three years

The cycle includes Stage 1 and Stage 2 audits, two annual surveillance audits, and a recertification audit at the end of the three-year period.

3

Reputable auditors add assurance

Rigorous, remote-first audits can improve credibility, support procurement requirements and help organisations manage long-term certification costs.

What is included in the ISO 42001 certification cost?

ISO 42001 certification follows a structured three-year cycle governed by ISO/IEC 42006 and accreditation requirements. Rather than a one-off audit, certification includes an initial assessment, annual surveillance audits, and recertification to demonstrate ongoing compliance.

Stage 1: Documentation readiness review

Stage 1 assesses whether your AI Management System (AIMS) is ready for full certification. Auditors review key documentation, confirm the certification scope, evaluate readiness for Stage 2, and identify any gaps that should be addressed before the main audit.Typically includes:

  • Audit planning and scope confirmation
  • Review of policies, procedures, and AIMS documentation
  • Readiness assessment against ISO 42001 requirements
  • Initial evidence review
  • Gap identification and recommendations for Stage 2

Stage 2: Full AIMS assessment

Stage 2 is the main certification audit. Auditors assess how your AI Management System operates in practice, gathering evidence through interviews, document reviews, process testing, and control validation. At a Stage 2 audit, for an auditor to issue a certificate, they need to find "sufficient objective evidence" of conformity for every clause and applicable control, so the auditor will spend time reviewing conformity.Typically includes:

  • Interviews with relevant personnel
  • Evidence gathering and record sampling
  • Assessment of AI governance and risk controls
  • Review of the Statement of Applicability
  • Non-conformity review and technical sign-off
  • Certification decision and certificate issuance

Surveillance audits (Annual)

Surveillance audits take place annually during Years 2 and 3 of the certification cycle. These audits verify that the management system remains effective and continues to meet ISO 42001 requirements.Typically includes:

  • Review of management reviews and internal audits
  • Assessment of corrective actions and continual improvement
  • Verification of significant organisational or AI system changes
  • Risk-based sampling of controls and processes
  • Ongoing compliance checks against the certified scope

Recertification (Every 3 years)

At the end of the three-year certificate cycle, a recertification audit is required to renew certification for a further 3 year cycle. This audit is more comprehensive than a surveillance audit, being similar to a Stage 2 audit in terms of the auditor needing to find objective evidence of conformity against every applicable clause and control to be able to issue a new certificate). In so doing, the auditor reassesses the effectiveness of the full AIMS.Typically includes:

  • Full review of the management system
  • Assessment of changes to scope, locations, or activities
  • Verification of continual improvement activities
  • Reassessment of risks, controls, and governance arrangements
  • Certification renewal for a new three-year cycle (once any non-conformities are closed after the audit)

Ongoing certification

Certification also involves ongoing coordination between your organisation, the certification body, and accreditation requirements. As your business evolves, additional audits may be required for significant scope changes, acquisitions, new locations, or major AI activities added to the certified management system.Tempo manages the certification programme throughout the cycle, including surveillance scheduling, recertification planning, and any scope extension audits required as your organisation grows.

What affects ISO 42001 certification costs

Most cost differences are driven by audit duration rather than arbitrary pricing. ISO/IEC 42006 sets rules for calculating audit time, starting with organisation size and then adjusting based on factors such as AI roles, complexity, locations, and risk profile. As a simple example, an 8-day audit will generally cost around twice as much as a 4-day audit.

Company size

Organisation size is the starting point for audit duration calculations. ISO/IEC 42006 contains a headcount table that establishes baseline audit days before any complexity adjustments are applied.The headcount bands include:11-15 people

  • 11-15 people
  • 16-25 people
  • 26-45 people
  • 46-65 people
  • 66-85 people
  • 86-125 people

Additional tiers continue beyond this point for larger organisations.Headcount can include employees, contractors, and temporary workers involved in the AI Management System (AIMS). Some organisations may choose to limit certification scope to specific departments, such as AI development or product teams, which can reduce the number of people included in the calculation. Part-time workers are generally counted on a full-time equivalent (FTE) basis.

AI roles included within scope

One of the biggest drivers of audit duration under ISO 42006 is the "AI roles" included within scope of certification. ISO 22989 defines several AI lifecycle roles, including AI provider, AI producer, AI developer, AI deployer, and AI user. An organisation acting solely as an AI user for their certification, will require a shorter audit than a business that is an "AI producer".Likewise, a company operating across multiple AI roles will require more audit time than an organisation covering a single role. This is because auditors must assess additional governance arrangements, controls, responsibilities, and risk management processes across the AI lifecycle - and more controls will be applicable.Where an organisation performs more than one AI role, the increase in audit duration can be significant and should be considered when planning certification budgets and implementation timelines.

Complexity

Beyond size and AI roles, several complexity factors can increase audit duration and therefore certification costs.Common examples include:

  • Multiple sites or operating locations
  • Multiple AI systems within the AIMS scope
  • High-risk or sensitive AI use cases
  • AI used in regulated sectors such as healthcare, financial services, critical infrastructure, or public services
  • AI systems that may affect personal rights, safety, or legal outcomes
  • Large numbers of third-party suppliers or AI service providers
  • Complex contractual and governance arrangements
  • Multiple regulatory frameworks that need to be managed within the AIMS

The more complexity an auditor must assess, the more audit time is generally required.

Certification body fees

Certification bodies apply different daily audit rates, which can affect the overall cost of certification. Pricing differences are often influenced by factors such as accreditation status, geography, auditor expertise, industry specialisation, and audit delivery model. Certification fees typically cover:

  • Audit planning
  • Stage 1 audit delivery
  • Stage 2 audit delivery
  • Audit reporting
  • Non-conformity review and closure
  • Technical review and certification decision
  • Certificate issuance

Remote vs on-site audits

Choosing a remote audit can reduce travel and accommodation costs, particularly for organisations operating across multiple locations or countries. While these savings are usually modest compared to audit fees, they can help lower the overall cost of certification.Remote audits can also be less disruptive for internal teams. Evidence reviews, interviews, and document assessments can be scheduled more flexibly, helping organisations move through the certification process with minimal impact on day-to-day operations.As a remote-first certification body, Tempo Audits has designed its audit process around secure evidence sharing, efficient scheduling, and effective remote collaboration. This allows organisations to achieve certification without the additional cost and complexity that often comes with on-site audits.

Number of locations

The number of locations included within scope can have a direct impact on audit duration.Additional sites often require:

  • More evidence sampling
  • Additional interviews
  • Increased coordination
  • Review of local processes and controls
  • Assessment of governance consistency across locations

That said, AI Management Systems for many tech companies have little physical presence in comparison with other standards like ISO 27001 or ISO 9001 - and therefore the impact of multiple sites is lessened.

Implementation method: In-house vs consultant

Certification bodies are permitted a degree of flexibility when applying ISO/IEC 42006 audit duration rules, provided there is sufficient justification.Where an organisation has implemented a well-structured AI Management System, maintained strong documentation, and prepared thoroughly for certification, auditors may be able to complete activities more efficiently.Similarly, organisations supported by experienced consultants who have delivered multiple ISO 42001 implementations may present fewer readiness issues during the audit process. In some circumstances, this can support a justified reduction in audit duration and associated certification costs.

Reduce cost and disruption with a remote-first ISO 42001 audit

Traditional certification audits often involve travel, accommodation, and the logistical challenge of coordinating on-site visits. Tempo's remote-first audit approach removes much of that overhead, helping organisations reduce unnecessary costs while making the certification process easier to manage.

If you'd like a clearer understanding of what certification will cost for your organisation, speak to the Tempo Audits team for a transparent, no-obligation estimate based on your size, scope, and AI activities.

Get a Quote

How is the ISO 42001 certification cost calculated?

The starting point for ISO 42001 certification pricing is audit duration. Certification bodies determine the number of audit days required using the methodology set out in ISO/IEC 42006, which establishes a baseline based on the number of people covered by the AI Management System (AIMS).From there, auditors assess factors such as the AI roles included within scope, organisational complexity, locations, and risk profile. These factors can increase or, in some circumstances, reduce the final audit duration.Once the required audit days have been determined, the certification body applies its audit rates to produce the final certification quote.

How ISO 42001 certification cost is calculated

Certification cost is based on audit duration and the certification body’s audit rates.

1
👥

Organisation size

Based on the number of people in scope for your AI Management System.

2

Scope & factors

Adjusted for AI roles, complexity, locations and risk profile.

3
📅

Audit duration

Final audit days after applying justified adjustments.

4
£

Apply audit rate

Certification body daily rate multiplied by total audit days.

5

Add any expenses

Additional costs may apply, for example travel for on-site audits.

Final certification cost = Total audit days × Daily audit rate + Any additional expenses

Tempo Audits: ISO 42001 audit day and cost guide (Stage 1 + Stage 2)

The figures below show typical market ranges for initial ISO 42001 certification audits (Stage 1 and Stage 2 combined). Actual costs will vary depending on your certification scope, AI roles, risk profile, and organisational complexity, although Tempo's pricing typically sits towards the lower end of the market range.The audit days shown include planning, audit delivery, report writing, technical review, and certification activities. As a general rule, clients should expect around 70-75% of the listed audit days to involve direct auditor engagement, with the remaining time allocated to preparation, reporting, and certification administration.

How to reduce ISO 42001 certification costs

Although ISO/IEC 42006 largely determines audit duration, organisations still have some control over certification costs.

1. Limit scope by reducing headcount under AIMS

Certification scope has a direct impact on audit duration. Where justified, some organisations choose to certify specific business units, teams, or functions rather than the entire organisation.For example, a technology company may certify only its AI product and development/engineering teams rather than all business operations. This can reduce the number of people included in the audit calculation and lower certification costs.Any scope exclusions must be justifiable, agreed by the certification body, and clearly reflected on the certificate.

2. Define AI roles carefully

The AI roles included within scope can significantly affect audit duration. Organisations should ensure the certification scope reflects genuine business requirements rather than automatically including every possible AI role.For example, an organisation acting as an AI provider may not necessarily need AI usage activities within scope if they are not critical to the certified management system or the activities of the business. However, any exclusions must be supported by evidence and accepted by the auditor.

3. Use experienced consultants or proven platforms

Certification bodies may be able to complete audits more efficiently when organisations arrive well prepared. Working with experienced ISO 42001 consultants or established compliance platforms can improve documentation quality, governance maturity, and audit readiness.The objective is not to reduce audit rigour, but to reduce the time spent resolving avoidable issues during the certification process.

4. Prepare documentation early

Good documentation won't dramatically reduce certification costs on its own. Under ISO/IEC 42006, audit duration is primarily driven by factors such as headcount, scope, AI roles, and complexity rather than the quality of documentation.However, as Tempo Audits Founder Rob Hall notes, well-prepared evidence from a structured and familiar management system can sometimes support a modest reduction in audit effort. More importantly, it helps audits run more smoothly by reducing delays, minimising clarification requests, and making it easier for auditors to review controls and supporting evidence.The biggest benefit is usually not lower certification costs, but a faster, more efficient audit experience with fewer surprises during Stage 1 and Stage 2.

5. Choose a remote-first audit model

Remote audits remove travel and accommodation costs and can reduce disruption for internal teams. For organisations operating across multiple sites or countries, remote evidence reviews and interviews are often easier to coordinate.

6. Use Full-Time Equivalent (FTE) calculations correctly

Audit duration is based on the number of people operating within the AIMS. Where part-time workers are included, certification bodies typically calculate headcount using full-time equivalents (FTEs).This can make a meaningful difference around headcount thresholds. For example, two employees working 50% of their time within scope may be counted as one FTE rather than two full-time employees.

7. Train key staff before the audit

Employees involved in the AIMS should understand their responsibilities, controls, and governance processes before certification begins. Well-prepared teams can provide clearer evidence during interviews, reduce follow-up questions, minimise delays, and lower the likelihood of non-conformities that require additional corrective action after the audit.

How Tempo Audits keeps ISO 42001 certification costs transparent

One of the biggest frustrations with certification projects is unclear pricing. Tempo Audits uses a transparent audit-day model based on ISO/IEC 42006 requirements, so organisations can understand how costs are calculated and what is included at each stage of the certification cycle.

Certification stage Typical cost range
Initial certification Stage 1 + Stage 2 £3,500–£20,000 ~€4,095–€23,400
Annual surveillance audit Years 2 & 3 £1,600–£9,000 per year ~€1,872–€10,530
Recertification audit Every 3 years £3,500–£14,000 ~€4,095–€16,380

Example: 150-person organisationA company with around 150 employees operating under its AI Management System (AIMS) would typically fall within the 126-175 employee audit band. Depending on the AI roles included within scope and the overall complexity of the organisation, initial certification would typically range from £9,000 (~€10,530) to £17,500 (~€20,475) for Stage 1 and Stage 2 combined, as per the cost guide table shared earlier in the article - with the lower end being if they are only including AI usage or AI provider in scope, and the higher end if they're including more than one of AI provider, AI producer and AI usage in scope. The organisation would then budget separately for annual surveillance audits and recertification at the end of the three-year cycle.

Tempo maintains pricing transparency through:

  • Clear ISO/IEC 42006 audit-day calculations, so organisations understand how audit duration is determined.
  • Remote-first audits, helping minimise travel-related costs and operational disruption.
  • Strong emphasis on preparation and readiness, reducing avoidable delays and corrective work during certification.

For a transparent ISO 42001 certification quote, contact Tempo Audits today.

Reviews

Trusted by fast-moving tech teams across the world who value a more human audit experience.

We transferred to Tempo from one of the established certification bodies — and we are delighted with the choice. Our audit was one of the smoothest we’ve had in terms of collaboration and engagement.
Laurence, Director of IT & Client Services @ RDT
If Carlsberg did auditors… We use Tempo for our ISO 27001 auditing and I'm thrilled that we were introduced. They ensured that the process dovetailed so smoothly with our ongoing operational activities that the impact was barely noticeable.
Jason, Director of Operations @ The Risk Factor
The Tempo team moved really fast to help us meet our timeframes — it’s rare to have an audit firm move at the speed of a start-up.
Ellie, COO @ Everblue Technology
Alfonso was nothing short of brilliant. Having worked with many auditors over the years, he stood out for his clarity, professionalism, and kindness. He completely changed my view of auditors.
Amardeep, Director @ Blue Edge
Tempo lives up to its name. No other company we contacted was faster or more straightforward during the process.
Lukas, CEO @ Noreja Intelligence
Is it weird to say I had a good time? We had worked with a more traditional auditor, but they didn't understand the needs/tech of our start-up. Tempo knew how to use our ISMS software and understood our business.
Jonny, Head of Engineering @ Nomio

Resources

No items found.

ISO 42001 Resources

FAQs

Trusted by fast-moving tech teams across the world who value a more human audit experience.

ISO 42001 certification follows a three-year certification cycle rather than a one-off audit. Organisations complete an initial Stage 1 and Stage 2 certification audit, followed by annual surveillance audits in Years 2 and 3, before undergoing recertification at the end of the three-year cycle.Typical annual surveillance audit costs range from £1,600-£9,000 (€1,872–€10,530) depending on organisation size, certification scope, and complexity. Recertification audits are typically more comprehensive and are priced separately from surveillance activities.

In practice, organisations do not usually "fail" an ISO 42001 audit. Where auditors identify non-conformities, organisations are given the opportunity to address them before certification is granted or maintained.The impact on cost depends on the type and number of findings:

  • Minor non-conformities are addressed through corrective action plans and evidence submission on how the company plan to close them in the coming months. The auditor will sign them off, and once approved, certification can be issued.
  • Major non-conformities require remediation to be finalised before they're closed, and certification can be awarded.
  • Additional charges generally only arise if significant extra audit time is required to verify corrective actions.

There is therefore no fixed cost for "failing" an audit. Instead, any additional costs relate to the effort required to close outstanding findings (which is a requirement in ISO 42006). At Tempo Audits, the cost of closing up to five non-conformities is included within the standard certification fee. Where more than five findings are raised, additional audit time is charged in increments of 0.25 audit days (£250 (€293)) for each additional group of up to five non-conformities, or part thereof.In reality, most organisations do not exceed five findings during the certification process.

Yes. Where both certification bodies are accredited by UKAS or another recognised IAF accreditation body, there is a defined certification transfer process. This allows organisations to transfer certification without restarting the entire certification cycle. The incoming certification body reviews existing certification records, audit history, and certification status before accepting the transfer.Non-accredited certifications are different. Because there is no recognised accreditation framework governing transfers, organisations may be required to undergo a new certification process if they later move to an accredited certification body.

No. Tempo Audits' certification fees cover the independent certification audit process only, including:

  • Stage 1 audit
  • Stage 2 audit
  • Annual surveillance audits
  • Recertification audits
  • Certification decision and certificate issuance

Consultancy, implementation support, training, internal resource costs, and compliance platforms are separate services and are not required to obtain certification.

Book a call

No forms, no faff – just a conversation and a quote. Prefer to skip straight to it? Fill out the application form and we'll get moving.

Alternatively, if you have all the details,
fill out this form here.